
Cold Email: deliverability, SPF, DKIM and DMARC explained

The best cold email is worthless if it lands in spam. This guide explains the building blocks of good deliverability and the anatomy of a message that gets opened and answered, in plain language and with no technical degree required.

June 21, 2026, 10 min read

Cold email is one of the most direct routes to new customers in B2B, but also one of the easiest to get wrong. Two things decide success: whether your message even reaches the inbox, and whether it is good enough to deserve a reply. The first part is a question of deliverability, the second a question of relevance and craft. This guide covers both. First the technical and reputation-related basics, that is, SPF, DKIM, DMARC, domain reputation and volume ramp-up, then how to build a message that gets opened and answered. The good news: the basics are manageable once you set them up cleanly.

Why cold emails land in spam

Deliverability decides whether your email lands in the inbox or the spam folder, and it hangs on three things: the technical authentication of your domain, a good reputation built over time and sensible sending behavior. Common reasons for a spam rating are missing authentication records, a domain that is too young or strained, send volume that rises too fast and high bounce rates from stale addresses. None of these reasons has anything to do with the content of your message. You can write the perfect email and still land in spam if the basics are not right. That is why they come first.

SPF, DKIM and DMARC, the three standards

These three DNS records prove to receiving mail servers that your emails are genuine and not forged. They are the single most important one-time measure for better deliverability:

  • SPF (Sender Policy Framework) defines which servers are allowed to send in your name.
  • DKIM (DomainKeys Identified Mail) signs your emails cryptographically, so tampering is detectable.
  • DMARC builds on SPF and DKIM, tells receiving servers what to do with mail that fails the check, and delivers you reports.

Without these records, even legitimate mail lands in spam more often, because receiving servers cannot verify the origin. With them you create the technical basis of trust on which everything else builds.

What is SPF in detail?

SPF stands for Sender Policy Framework. It is a DNS record that defines which mail servers are authorized to send email in the name of your domain. When a mail arrives, the receiving server looks up this record and compares the sending server against it. If the server is on the list, the mail passes the SPF check. If it is not, that is a warning signal. Important to know: a domain may have exactly one SPF record. Multiple records cause errors, and too many DNS lookups within the record also make the check fail. All permitted senders, that is, your email provider and every tool that sends in your name, belong in this one record.
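
The two failure modes just named, more than one SPF record and too many DNS lookups, can be checked before a record is published. The sketch below is an added example, not Firmeo's code: it counts lookup-triggering terms through nested includes against the limit of 10 set by RFC 7208. All domains and records in it are constructed placeholders.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: max DNS-querying terms per check

# Constructed TXT data; every domain below is a placeholder, not a real sender.
ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example include:tool.example mx -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:192.0.2.0/24 include:_more.mailhost.example ~all"],
    "_more.mailhost.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "tool.example": ["v=spf1 a mx ~all"],
    "twice.example": ["v=spf1 mx -all", "v=spf1 include:tool.example -all"],
    "heavy.example": ["v=spf1 " + " ".join(f"a:h{i}.heavy.example" for i in range(11)) + " -all"],
}

def spf_records(name, zone):
    """TXT strings at `name` that are SPF records (first token is v=spf1)."""
    return [t for t in zone.get(name, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(name, zone, path=()):
    """Count terms that trigger DNS queries, following include/redirect targets."""
    if name in path:
        raise ValueError(f"{name}: include loop")
    recs = spf_records(name, zone)
    if len(recs) != 1:
        raise ValueError(f"{name}: expected exactly one SPF record, found {len(recs)}")
    total = 0
    for term in recs[0].split()[1:]:
        term = term.lstrip("+-~?").lower()          # drop the qualifier
        mech = re.split(r"[:=/]", term, maxsplit=1)[0]
        if mech in ("a", "mx", "ptr", "exists"):
            total += 1
        elif mech in ("include", "redirect"):
            target = re.split(r"[:=]", term, maxsplit=1)[1]
            total += 1 + count_lookups(target, zone, path + (name,))
    return total

def check_spf(name, zone=ZONE):
    """Return (ok, detail) covering both failure modes described above."""
    try:
        n = count_lookups(name, zone)
    except ValueError as err:
        return False, str(err)
    return n <= LOOKUP_LIMIT, f"{n} DNS lookups (limit {LOOKUP_LIMIT})"

if __name__ == "__main__":
    for domain in ("example.com", "twice.example", "heavy.example"):
        print(domain, check_spf(domain))
```

Against live DNS, the ZONE dictionary would be replaced by real TXT queries; the counting logic stays the same.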

DKIM and DMARC complement SPF

SPF alone is not enough. DKIM adds a cryptographic signature to every mail, which the receiving server can use to check whether the message was altered in transit. DMARC connects both and defines what should happen when a mail fails SPF or DKIM, such as delivery, marking or rejection, and sends you reports on failed checks. Only together do the three standards form solid protection. Anyone who sets all three correctly signals to receiving servers that they take their domain seriously, and so significantly improves the likelihood of landing in the inbox.

Domain reputation and volume ramp-up

Mail servers rate how trustworthy your domain is. A new domain or a new mailbox that suddenly sends hundreds of mails a day looks suspicious. That is why you ramp the volume up slowly, called ramp-up: first a few mails per day, then gradually more over weeks. That way you build reputation instead of burning it. Reputation is fragile and slow to build, but fast to destroy. A single day of mass sending to stale addresses can undo weeks of careful work. Patience here is not a nice extra, it is the precondition for your mail arriving at all.

More levers for a clean reputation:

  • Send from your own mailbox instead of through third-party bulk servers.
  • Keep the bounce rate low, that is, do not contact stale or invented addresses.
  • Take replies seriously and stop sequences as soon as someone responds.
  • Send personalized, relevant content instead of identical mass mails.

The anatomy of a good cold email

When deliverability is right, the message itself decides. A good cold email is short, concrete and respectful. It consists of a few clear building blocks:

  • An honest subject line that does not look like an ad and makes no false promise.
  • A first sentence with a real hook to the company, not about you, but about them.
  • A short note on why your offer might be relevant for this specific company.
  • A single, small next step instead of immediate sales pressure.
  • An easy way to decline or object.

Do I need a cold email template?

Templates are a double-edged sword. They help you avoid reinventing a proven structure every time, but they tempt you to send the same message to everyone. The sensible middle ground: use a template for the structure, that is, subject, opening, benefit, next step, and personalize the decisive parts per recipient from real research. That way you keep a proven structure and still avoid the generic impression. A template you send one-to-one to a thousand recipients is not a cold email, it is spam, and it gets treated as such. The structure may recur, the hook must be individual.

Follow up without being annoying

Most replies do not come on the first mail. One to two polite follow-ups over several days, each with its own small value, raise the reply rate noticeably. After that it is over. The important part is the iron rule to stop immediately as soon as someone replies or objects. An automated follow-up to someone who has already answered destroys the good impression in seconds. Good follow-up does not simply repeat the first message, it delivers a new thought, an additional piece of information or a different perspective. That way every touch stays relevant, instead of just building pressure.

Common mistakes in cold email

  • Missing or faulty SPF, DKIM and DMARC records.
  • A volume increase that is too fast on a new domain, with no ramp-up.
  • Stale or invented addresses that lead to high bounce rates.
  • Generic mass mails with no real hook to the company.
  • Sending through third-party bulk servers instead of from your own mailbox.

The right sender infrastructure

Before the first cold email goes out, it is worth a look at the foundation: the sender infrastructure. Many experienced senders use a separate, additional domain for outreach instead of the main domain, so any reputation damage does not hit the entire company. This domain is authenticated cleanly, warmed up slowly and used exclusively for outreach. The number of mailboxes also plays a role: instead of overloading a single mailbox, some distribute the volume across several. The important part is to stay honest and use no obfuscation tactics. The goal is a stable, traceable foundation, not tricking spam filters, which only works briefly anyway.

Subject lines that get opened

The subject line decides whether your mail gets opened at all. It is the first and often only thing the recipient sees. Good subject lines are short, concrete and honest. They spark curiosity through relevance, not through exaggeration. Clickbait promises, lots of exclamation marks or typical marketing words raise not only the reader's suspicion, but also the likelihood of landing in spam. What works best is a subject line that looks like a personal message from one human to another, not like a campaign. A concrete hook to the company or a real, simple question almost always beats the clever marketing phrasing that everyone instantly recognizes as an ad.

Segmentation instead of one-size-fits-all

A message that fits everyone fits no one properly. Segmentation means splitting your audience into smaller, similar groups and phrasing a more fitting message for each. A software company has different problems than a trades business, a CEO different ones than a department lead. The tighter the segment, the more relevant you can write, without reinventing every single mail from scratch. The effort pays off, because the reply rate rises with relevance. Segmentation is the middle ground between full individual personalization, which does not scale, and the pure one-size-fits-all approach, which reaches no one. It makes cold email efficient and still personal enough.

Use A/B tests sensibly

You only know what really works once you measure it. A/B tests compare two variants, say two subject lines or two openings, to see which one lands better. The important part is to always test only one variable at a time, otherwise you end up not knowing what made the difference. Just as important is a sufficient sample, because nothing reliable can be derived from five mails. Test systematically and document the results, so insights are not lost. Over time you develop your own sense of what works with your audience, backed by data instead of guesses. Small, steady improvements add up to a much better overall result.

The metrics of deliverability

Cold email becomes steerable through a few central metrics. You should keep an eye on the most important ones, because they signal early when something is going off the rails:

  • Delivery rate: the share of mails that get delivered at all, instead of vanishing into nowhere.
  • Bounce rate: the share of undeliverable addresses, a direct hint about data quality.
  • Open rate: a rough indicator of subject line and sender reputation, to be interpreted with care.
  • Reply rate: the genuinely decisive number, because it measures real interest.
  • Spam complaints: even a few of them harm the reputation considerably and must be taken seriously.

Avoid blacklists

Anyone who sends too much too fast, contacts stale addresses or triggers many complaints risks landing on a blacklist. Such lists are used by mail servers to block known spam sources. If your domain or IP is on one, even flawless mails no longer land in the inbox. The best protection is prevention: slow ramp-up, fresh and verified addresses, an immediate stop on reply or objection and a watchful eye on the complaint rate. Once the damage is done, the return is laborious and lengthy. So the same holds for deliverability as for trust in general: hard to build, easy to lose, worth every bit of caution.

The legal framework for US and international outreach

Technique and craft alone are not enough: cold email is also a legal matter. In the US, commercial email is governed mainly by CAN-SPAM, which does not require prior consent but requires honest headers, a valid physical address and a working opt-out you honor promptly. The moment you email contacts in the EU or UK, a stricter regime applies: GDPR plus national marketing rules, where unsolicited B2B email often needs a defensible legal basis. A traceable data origin, a recognizable factual hook to the contacted company and a simple, immediately effective right to object are therefore not just good practice, they are legally significant. A detailed treatment of the EU side can be found in the dedicated guide on GDPR-compliant cold outreach. This section is no substitute for legal advice, it is a reminder to consider the legal side from the start.

How Firmeo built this in

Firmeo sends from your own mailbox, ramps the volume up automatically and rotates cleanly. Because the leads are freshly researched from public sources and checked against the website instead of coming from old lists, the bounce rate stays low, and sequences stop automatically as soon as someone replies. The AI personalizes the subject line and opening from real research results with sources, so the structure can recur but the hook stays individual. Processing runs EU-hosted and GDPR-compliant. That way your domain reputation stays intact while you scale.

Conclusion

Cold email works, but only when two things come together: your message must arrive, and it must deserve a reply. The first part is craft and patience. Cleanly set SPF, DKIM and DMARC records, a separate warmed-up sender domain, a slow volume ramp-up and fresh, verified addresses are the foundation everything else stands on. Without them, even the best mail lands in spam. Anyone who takes deliverability seriously as a technical foundation and keeps an eye on metrics like bounce and complaint rate protects their reputation, which is hard to build and easy to lose.

The second part is the message itself. An honest subject line, a real hook to the company, a clear small next step and a simple way to object beat any generic mass mail. Segmentation and thoughtful personalization make the outreach relevant without driving the effort to infinity, and systematic tests improve the results step by step. Above all stands the legal framework, which not only recommends clean data and transparency but requires it. Anyone who thinks technique, craft and law together turns cold email into a reliable channel instead of a throwaway tactic. It is exactly this care that separates sustainable outreach from short-lived spam, which burns your own domain and in the end does more harm than good.
